Our Blog

Cybersecurity Alert released by US CERT: TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

By Laura Gannon | Apr 16, 2018 | 0 Comments

Published April 16, 2018 at 12:25PM on April 16, 2018 at 12:25PM at US CERT Alerts Blog: TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices by US-CERT Original release date: April 16, 2018<br /> <h3>Systems Affected</h3> <ul><li>Generic Routing Encapsulation (GRE) Enabled Devices</li><li>Cisco Smart Install (SMI) Enabled Devices</li><li>Simple Network Management Protocol (SNMP) Enabled Network Devices</li></ul>…

Read More

WordPress Vulnerability CVE-2014-6412 released on NVD

By Laura Gannon | Apr 15, 2018 | 0 Comments

WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. Published on April 12, 2018 at 04:29PMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2015-4557 released on NVD

By Laura Gannon | Apr 15, 2018 | 0 Comments

Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413. Published on April 12, 2018 at 10:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-1889 released on NVD

By Laura Gannon | Apr 10, 2018 | 0 Comments

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. Published on April 10, 2018 at 10:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-3114 released on NVD

By Laura Gannon | Apr 10, 2018 | 0 Comments

The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. Published on April 10, 2018 at 10:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-5034 released on NVD

By Laura Gannon | Apr 6, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. Published on April 06, 2018 at 11:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-5072 released on NVD

By Laura Gannon | Apr 6, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Published on April 06, 2018 at 11:29AMView on the National Vulnerability Database

Read More

WordPress Vulnerability CVE-2014-6604 released on NVD

By Laura Gannon | Mar 29, 2018 | 0 Comments

Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. Published on March 29, 2018 at 01:29PMView on the National Vulnerability Database

Read More

Cybersecurity Alert released by US CERT: TA18-086A: Brute Force Attacks Conducted by Cyber Actors

By Laura Gannon | Mar 27, 2018 | 0 Comments

Published March 27, 2018 at 05:00PM on March 27, 2018 at 05:00PM at US CERT Alerts Blog: TA18-086A: Brute Force Attacks Conducted by Cyber Actors by US-CERT Original release date: March 27, 2018<br /> <h3>Systems Affected</h3> Networked systems</p> <h3>Overview</h3> <p>According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of…

Read More

WordPress Vulnerability CVE-2014-2274 released on NVD

By Laura Gannon | Mar 19, 2018 | 0 Comments

Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via a request to the subscribe-to-comments-reloaded/options/index.php page to wp-admin/admin.php. Published on March 19, 2018 at 04:29PMView on the National Vulnerability Database

Read More

Subscribe to Blog

Get Updates about new blog posts as well as the latest in WordPress Vulnerabilities.

Something went wrong. Please check your entries and try again.